1.14 Security, 1.14.1 Integrated security features – HP Insight Control Software for Linux User Manual
1.14 Security
1.14.1 Integrated security features
This section describes features that are integrated into HP SIM and HP Insight Control for Linux
to make them secure. Security features are also discussed in the context of the associated topic
throughout this document.
• Browser Connections
HP SIM enforces a secure connection to the web browser.
• User Names and Passwords
The following is a list of user names and passwords on your CMS that permit access only
to authorized users:
— Linux root password
Permits access to the root account on the CMS, which has privileges to perform any
administrative task.
— HP SIM user name and password
Identifies a user with administrative privileges who can launch and use HP SIM and Insight
Control for Linux to manage and monitor systems.
— Management processor user name and password
Allows access to the serial console ports of the managed systems.
— Nagios administrator password
Grants access to launch and use the Nagios system and network monitoring application.
• Firewalls
HP Insight Control for Linux works with a firewall if you open the appropriate ports.
NOTE: HP recommends that you use a firewall.
• Secure Shell
Secure Shell (SSH) is the preferred method to access managed systems. Typically, you use
the ssh command to get a login shell or to run commands.
HP Insight Control for Linux and most modern Linux distributions provide the OpenSSH
suite, which includes the ssh command. OpenSSH implements both ssh1 and ssh2
protocols; ssh2 is the preferred default protocol. RSA, RSA1 and DSA host keys are
supported. The keys used to identify hosts are 1024-bit RSA keys, and a 256-bit AES key is
used for encrypting communication. The diffie-hellman-group1-sha1 key exchange is used.
The defaults should be sufficient but, if your environment requires different key
configurations, see the following web address for information on their proper configuration:
The SSH service also enables file transfer with the scp or sftp commands over the same
port as SSH.
• pdsh Keys
The pdsh command uses public host keys to authenticate remote hosts and supports public
key authentication to authenticate users.
• cmfd Keys
The console command uses SSL keys to connect to the console management facility daemon
(cmfd) for console access.
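
The SSH settings named in the Secure Shell item above can be checked on a CMS or managed system with a short audit script; this is an added example, not code from the HP manual. It flags SSH protocol 1, the diffie-hellman-group1-sha1 key exchange and RSA1/DSA host keys, which OpenSSH releases since 7.0 no longer enable by default, plus RSA host keys below a size threshold. Assumptions: the function names, the 2048-bit threshold and the sample input are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example (not HP code). Input formats: `sshd -T` output and
# `ssh-keygen -l -f <hostkey.pub>` output. Sample data below is constructed.

MIN_RSA_BITS=2048   # assumption of this example, not a value from the manual

# Reads "keyword value" lines on stdin and prints one FINDING line per issue.
audit_sshd_config() {
  awk '
    { key = tolower($1) }
    key == "protocol" && $2 ~ /(^|,)1(,|$)/ {
      print "FINDING protocol: SSH protocol 1 enabled (" $2 ")" }
    key == "kexalgorithms" {
      n = split($2, kex, ",")
      for (i = 1; i <= n; i++)
        if (kex[i] == "diffie-hellman-group1-sha1")
          print "FINDING kex: diffie-hellman-group1-sha1 offered" }
    key == "ciphers" && $2 !~ /aes256/ {
      print "FINDING ciphers: no 256-bit AES cipher offered" }
  '
}

# Reads lines of the form "<bits> <fingerprint> <comment> (<TYPE>)" on stdin.
audit_host_keys() {
  awk -v min="$MIN_RSA_BITS" '
    { type = $NF; gsub(/[()]/, "", type) }
    type == "RSA1" { print "FINDING hostkey: protocol 1 (RSA1) host key present" }
    type == "DSA"  { print "FINDING hostkey: DSA host key present" }
    type == "RSA" && $1 + 0 < min + 0 {
      print "FINDING hostkey: RSA host key is " $1 " bits (minimum " min ")" }
  '
}

# Constructed sample input mirroring the defaults described in the manual.
SAMPLE_CONFIG='protocol 2,1
kexalgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1
ciphers aes256-ctr,aes128-ctr'
SAMPLE_KEYS='1024 SHA256:CONSTRUCTED-FINGERPRINT-A cms.example (RSA)
3072 SHA256:CONSTRUCTED-FINGERPRINT-B cms.example (RSA)'

printf '%s\n' "$SAMPLE_CONFIG" | audit_sshd_config
printf '%s\n' "$SAMPLE_KEYS"   | audit_host_keys
```

On a live host, pipe `sshd -T` into `audit_sshd_config` and the output of `ssh-keygen -l -f` for each host public key into `audit_host_keys`.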